ORACLE DATA SHEET
ORACLE ENTITLEMENTS SERVER
KEY FEATURES
Access & Entitlements Management
Access privileges in Oracle Entitlements Server are defined in a policy by specifying who can do what to which resources, when / under what conditions, and how. The policy can enforce controls on all types of resources, including but not limited to:
– Software components - URLs, Java Server Pages, Enterprise JavaBeans, methods, servlets etc.
– UI widgets such as menus, tabs, portlets, fields, buttons etc.
– Business objects - sensitive documents, rich media, images, geospatial information, user profiles, bank accounts, insurance plans, and medical records among many other things.
Deployment Options
The OES authorization engine (PDP) can be embedded in applications or hosted centrally in the network. Multiple options are also available for policy distribution and caching to meet a wide variety of business, integration, deployment, performance, scalability, and high availability requirements.
Risk & Context Based Access
Oracle Entitlements Server and Oracle Access Management provide a unique end-to-end solution that enables context-aware computing. Identity Context is automatically made available for authorization decisions by OES, allowing organizations to control what users can do / what information they can access based on the user, device, and runtime context. This includes but is not limited to:
– User attributes, roles, resource and dynamic attributes, environmental conditions
– How the user authenticated to the system
– What type of device is used to access the system (e.g. a PC, a mobile device)
– Information about the device – is it a registered / trusted device, what is the physical location, IP address, operating system, is it jailbroken, is virus scanning and firewall enabled, is VPN enabled etc.
– Assertions from federation partners
– Risk Level – based on real-time analysis of anomalies in access patterns and transactions
Oracle Entitlements Server (OES) is a standards-based, policy-driven security
solution that provides real time fine-grained authorization in Application,
Service-Oriented Architecture (SOA) and Database environments.
Introduction
Oracle Entitlements Server (OES) fills the need for granular, flexible, and externalized access
control. The solution provides a comprehensive and centralized approach for managing access
policies with distributed or centralized enforcement. Spurring the move to externalize
authorization is the growing number of industry regulations and compliance needs (e.g.
HIPAA/HITECH, PCI-DSS etc.), increase in security breaches and data leaks, as well as
increase in highly visible and costly fraudulent and unauthorized transactions.
To help organizations address security and compliance concerns, OES provides centralized
control and visibility of what users are authorized to do with sensitive applications,
information, and other corporate resources. OES also provides organizations with the ability
to centrally track and analyze who has done what through integrated runtime audit facilities.
Building enterprise class application security is not a common skill of most development
teams. When attempted, the result often is inconsistent security capabilities from one
application to the next, making administration and maintenance a costly and time consuming
endeavor. Yet, in many applications authorization decisions are embedded into the
application, making maintenance of the application lifecycle complex. OES authorization
policies on the other hand can be defined, changed, and enforced dynamically as market,
business, and regulatory requirements change without requiring code changes and lengthy
development – test – QA – production cycles, therefore reducing time-to-market and
development cost.
Oracle’s Solution for Externalized Authorization
Oracle Entitlements Server provides, as illustrated below, fine-grained authorization for a wide
variety of scenarios in Oracle as well as heterogeneous environments:
Policy Simulation
Provides troubleshooting and what-if analysis to simulate the outcome of policy changes and runtime access based on different conditions.
Entitlements and Resource Catalog
OES provides facilities to model, categorize, and classify an organization’s sensitive resources within the OES repository. Resources can be flat (e.g. a list of web services) or hierarchical (e.g. political and geographical areas, folder hierarchies) and organized by type and the set of operations a user can perform on resources of that type (e.g. view, edit, print, delete documents). Resources in OES can be tagged with information used in authorization policies (e.g. the minimum age limit in each country and its states) for increased flexibility and simplified administration, and with human-readable information (e.g. resource 123CA5ZA is actually John Doe, an employee) to help administrators define and administer policies, as well as interpret reports and audit logs.
KEY BENEFITS
– Centralized control and visibility with distributed and centralized access control enforcement - across applications, portals, business services and databases
– Bridge corporate security policies to IT and reduce security fragmentation
– Improved efficiency through an open and flexible policy-management framework
SECURED ENVIRONMENTS
Frameworks: Java, .NET, Web Services, RMI
Application Containers: Oracle Weblogic, IBM Websphere, JBoss, Apache Tomcat
Portals and Content Management: Oracle WebCenter, Microsoft Sharepoint
XML Gateway and Service Bus: Oracle Enterprise Gateway, Oracle Service Bus, and 3rd party solutions
Databases: Oracle RDBMS and 3rd party
SUPPORTED ACCESS CONTROL STANDARDS
– XACML
– Attribute Based Access Control (ABAC)
– Role Based Access Control (RBAC)
– “Enterprise” RBAC
– Java2 Permissions
– OpenAZ for Java and .NET
Authorization policy management and runtime enforcement is provided for sensitive applications, databases, containers (such as Java™, .NET), portals and content management systems (such as WebCenter and SharePoint), development frameworks, object relational mapping technologies, intermediaries (such as XML gateways and ESBs), web services, and SOA infrastructure.
Oracle Entitlements Server: Typical Use Cases
Fine-Grained Authorization for Applications, Portals, Content, and Databases
Oracle Entitlements Server can be used to protect all elements of an application:
– What UI elements (such as pages, tabs, portlets, fields, buttons) are visible or enabled
– What data the user can see (employee, customer, patient records) and elements of the data (credit card numbers, social security numbers, national identifiers, date of birth)
– What the user can do with the data (view, update, approve, escalate)
– Whether a transaction should be allowed (only allow a junior trader to perform ten transactions up to a given amount per day, during business hours, if market volatility is low)
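The policy shape the data sheet describes (who may do what to which resource, under what conditions, with what effect), the hierarchical resource catalog, the identity-context rules, the junior-trader transaction constraint above and the what-if analysis of the Policy Simulation feature can all be shown in one small policy decision point. The following is an added illustration, not Oracle code or the OES policy language: the rule names, roles, the 10,000 per-transaction cap, the 9-to-17 business hours, the attribute names and the sample request are all constructed, and the combining logic (deny overrides, default deny) is one common choice rather than something the sheet specifies.

```python
"""Toy attribute-based policy decision point (PDP) shaped like the policy model the
data sheet describes: WHO (subject attributes) may do WHAT (action) to WHICH resource
(a node in a hierarchical catalog), WHEN / under what CONDITIONS (request and identity
context), and HOW (the rule's effect). Added illustration, not Oracle code: every rule,
role, threshold and attribute name here is constructed."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

Context = Dict[str, Any]  # subject, action, resource and environment attributes


@dataclass
class Rule:
    name: str
    effect: str                                  # "permit" or "deny"
    actions: frozenset                           # operations the rule covers
    resource: str                                # catalog node, e.g. "trading/orders"
    subject: Callable[[Context], bool]           # who the rule is about
    condition: Callable[[Context], bool] = lambda ctx: True  # when it applies


def resource_matches(rule_resource: str, requested: str) -> bool:
    """A rule attached to catalog node 'a/b' covers 'a/b' and every descendant 'a/b/...'."""
    return requested == rule_resource or requested.startswith(rule_resource + "/")


def decide(policy: List[Rule], ctx: Context) -> str:
    """Deny-overrides combining: any applicable deny wins, otherwise an applicable permit
    wins, and with no applicable rule the answer is deny (fail closed)."""
    outcome = "deny"
    for rule in policy:
        applicable = (ctx["action"] in rule.actions
                      and resource_matches(rule.resource, ctx["resource"])
                      and rule.subject(ctx)
                      and rule.condition(ctx))
        if not applicable:
            continue
        if rule.effect == "deny":
            return "deny"
        outcome = "permit"
    return outcome


def business_hours(ctx: Context) -> bool:
    return 9 <= ctx["hour"] < 17


# Constructed policy: two identity-context rules plus the "junior trader" use case.
POLICY = [
    Rule("untrusted-device", "deny", frozenset({"view", "submit"}), "trading",
         subject=lambda c: True,
         condition=lambda c: not c["device_registered"]),
    Rule("weak-authentication", "deny", frozenset({"submit"}), "trading",
         subject=lambda c: True,
         condition=lambda c: c["auth_method"] not in {"otp", "certificate"}),
    Rule("senior-trader", "permit", frozenset({"view", "submit"}), "trading/orders",
         subject=lambda c: "senior_trader" in c["roles"]),
    Rule("junior-trader", "permit", frozenset({"submit"}), "trading/orders",
         subject=lambda c: "junior_trader" in c["roles"],
         condition=lambda c: (c["amount"] <= 10_000        # per-transaction cap (constructed)
                              and c["trades_today"] < 10    # at most ten per day
                              and business_hours(c)
                              and c["volatility"] == "low")),
]


def simulate(policy: List[Rule], base: Context, variations: Dict[str, Context]) -> Dict[str, str]:
    """What-if analysis over runtime conditions: the same request under several context changes."""
    return {label: decide(policy, {**base, **delta}) for label, delta in variations.items()}


def policy_change_impact(old: List[Rule], new: List[Rule], requests: List[Context]) -> List[int]:
    """What-if analysis over a policy change: indexes of sample requests whose outcome differs."""
    return [i for i, req in enumerate(requests) if decide(old, req) != decide(new, req)]


# Constructed sample request from a junior trader on a registered device with OTP login.
BASE_REQUEST: Context = {
    "roles": ["junior_trader"], "action": "submit", "resource": "trading/orders/equities",
    "amount": 5_000, "trades_today": 3, "hour": 11, "volatility": "low",
    "device_registered": True, "auth_method": "otp",
}

if __name__ == "__main__":
    print(decide(POLICY, BASE_REQUEST))
    for label, outcome in simulate(POLICY, BASE_REQUEST, {
            "after hours": {"hour": 20},
            "tenth trade already done": {"trades_today": 10},
            "unregistered device": {"device_registered": False},
            "password-only login": {"auth_method": "password"}}).items():
        print(f"{label}: {outcome}")
```

Two points worth noting: the deny rules are attached to the catalog node `trading` and therefore cover every resource beneath it, which is how a hierarchical catalog keeps a device or authentication requirement from having to be repeated on each leaf; and `policy_change_impact` is the simulation an administrator would run over a set of recorded requests before promoting a relaxed rule, so that a change meant to raise one cap does not silently open something else.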
Protected information can be represented by records in a relational database, documents, reports, images, rich media, geospatial information, or anything else. Information can be secured in either the application tier by using OES with object relational mapping technologies (such as Toplink, Hibernate) or in the data tier (with technologies such as Oracle Virtual Private Database).
Authorization and Data Redaction for Internet APIs, SOA, and Web Services
Oracle Entitlements Server protects web services, SOA infrastructure, and internet APIs by:
– Blocking or permitting incoming requests based on fine-grained ABAC policies
– Performing deep packet inspection of SOAP or REST payloads and selectively permitting or denying access based on request content
– Selectively redacting or encrypting sensitive information in the web services response
This is often achieved without any changes to the backend web service or SOA application.
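The response-side redaction in the third bullet is the part an enforcement point in front of an unchanged backend has to do itself: decode the response, keep the fields the caller is entitled to, partially mask the ones it may see in part (card numbers, national identifiers) and drop the rest. The following is an added illustration of that step, not Oracle code: the role-to-field entitlement table, the dotted path names, the masking functions and the sample customer record are all constructed, and in a real deployment the entitlement sets would come from the PDP's decision rather than a module-level dictionary.

```python
"""Response-side field redaction at a policy enforcement point, as an added illustration
of the "selectively redact sensitive information in the web services response" capability
the data sheet describes. Not Oracle code: the entitlement table, path names, masking
rules and the sample record are all constructed."""
from typing import Any, Callable, Dict, List, Set

# Constructed field-level entitlements per role, keyed by dotted JSON path.
# "view" paths are returned as-is, "masked" paths are partially hidden, and any
# field in neither set is removed from the response.
ENTITLEMENTS: Dict[str, Dict[str, Set[str]]] = {
    "support_agent": {"view": {"id", "name", "contact.email", "notes.text"},
                      "masked": {"payment.card_number", "ssn"}},
    "fraud_analyst": {"view": {"id", "name", "ssn", "contact.email", "payment.card_number"},
                      "masked": set()},
}

# Masking functions for the fields that may be shown partially (constructed).
MASKERS: Dict[str, Callable[[str], str]] = {
    "payment.card_number": lambda v: "*" * (len(v) - 4) + v[-4:],
    "ssn": lambda v: "***-**-" + v[-4:],
}


def effective(roles: List[str], kind: str) -> Set[str]:
    """Union of one entitlement kind ("view" or "masked") across the caller's roles."""
    return set().union(*(ENTITLEMENTS.get(r, {}).get(kind, set()) for r in roles))


def redact(response: Any, roles: List[str]) -> Any:
    """Return a copy of a decoded JSON response containing only entitled fields."""
    view, masked = effective(roles, "view"), effective(roles, "masked")
    masked -= view  # a fully viewable field is never masked, whatever another role says

    def walk(node: Any, path: str) -> Any:
        if isinstance(node, list):
            # List elements share their parent's path. Scalars inside an unentitled
            # list are never returned; elements redacted to nothing are dropped.
            kept = [walk(item, path) for item in node if isinstance(item, (dict, list))]
            return [item for item in kept if item not in ({}, [])]
        if not isinstance(node, dict):
            return node
        out: Dict[str, Any] = {}
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)) and child not in view:
                sub = walk(value, child)
                if sub:  # keep a container only if something inside it survived
                    out[key] = sub
            elif child in view:
                out[key] = value
            elif child in masked and child in MASKERS:
                out[key] = MASKERS[child](value)
            # otherwise the field is silently dropped from the response
        return out

    return walk(response, "")


# Constructed customer record as a hypothetical /customers backend might return it.
SAMPLE_RESPONSE = {
    "id": "C-1001",
    "name": "Jane Example",
    "ssn": "123-45-6789",
    "date_of_birth": "1980-01-01",
    "contact": {"email": "jane@example.com", "phone": "+1-555-0100"},
    "payment": {"card_number": "4111111111111111", "expiry": "12/29"},
    "notes": [{"author": "agent7", "text": "called about statement"}],
}

if __name__ == "__main__":
    for role in ("support_agent", "fraud_analyst"):
        print(role, redact(SAMPLE_RESPONSE, [role]))
    print("no role", redact(SAMPLE_RESPONSE, []))
```

The walk is allow-list based: a field reaches the caller only through an explicit "view" or "masked" entitlement, so a new attribute the backend starts returning is dropped until someone entitles it, and a caller with no recognised role receives an empty object rather than the untouched record.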
Real-time Authorization for Enterprise Applications
Oracle Entitlements Server ensures extremely low latency for mission-critical applications, and is engineered to scale and handle large volumes of sensitive resources, users, roles, and authorization decisions. OES is used in mission-critical deployments with a wide variety of Oracle and non-Oracle based platforms and solutions. OES is Oracle’s strategic authorization engine and is embedded in products such as Oracle Fusion Applications and Oracle Fusion Middleware technologies such as Oracle SOA Suite, Oracle WebCenter Portal & Spaces, Oracle ADF, and Oracle Identity and Access Management.
Authorization Standards & Models
Oracle Entitlements Server supports a large variety of authorization standards and models, including native support for XACML, Attribute Based Access Control (ABAC), NIST Role Based Access Control (RBAC), “Enterprise” RBAC, Java2 / JAAS Permissions, OpenAZ, and various models for enforcing data security. OES can also act as a Java2 Security Provider and plug directly into the JVM for controlling access to the file system, network and sensitive code among other things.
Contact Us
For more information about Oracle Entitlements Server, visit oracle.com or call
+1.800.ORACLE1 to speak to an Oracle representative.
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.